Hacker's Prank Makes Websites Do Harlem Shake

A fun bit of injected JavaScript shows how easy it can be to make websites misbehave.

Shares

(Image credit: Gracie Films/Twentieth Century Fox Television)

Some websites are more vulnerable than others to hacking. Some are so weak, you can make them do the Harlem Shake.

Late last week, British programmer Jamie Hankins loaded a bit of JavaScript into his own website's metadata, specifically the TXT fields of the Domain Name Service (DNS) records.

The result? When you type in "jamiehankins.co.uk" into the search fields of certain websites, the text starts shaking, music starts blaring and the entire page turns into a dance party, complete with a Rick Astley video.

"The who.is website is displaying the contents of this record for the jamiehankins.co.uk domain without properly sanitizing it for HTML, opening up a cross-site-scripting attack," Rhomboid said. "The registrant of the domain put a in two separate TXT records, and the lack of sanitation causes them to be active, loading remote scripts. Once you can run a script, you have complete control and do anything you want, including loading further scripts, stealing cookie values, etc."

For posterity's sake, there are a few YouTube videos that demonstrate the results of Hankins' prank.